This buggy WordPress plugin allows hackers to lace websites with malicious code

By Joel Khalili 2 days ago

Attackers can also abuse the flaw to create administrator accounts

Security researchers have identified a flaw in the Real-Time Find and Replace WordPress plugin that could allow hackers to lace websites with malicious code.

The affected plugin lets WordPress users edit website code and text content in real time, without having to go into the backend, and reportedly features on over 100,000 sites.

Uncovered by threat analysts at Wordfence, the exploit abuses a Cross-Site Request Forgery (CSRF) flaw in the plugin, which an attacker can use to push infected content to the website and create new admin accounts.

The bug reportedly affects all iterations of the plugin up to version 3.9.